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REMARKS 



Claims 1 and 22-28 are pending, and claims 2-21 have been canceled. 



Claims 1-21 were rejected under 35 U.S.C. §103(a) as being anticipated by Hollow ay 
et al. (US 5,805,801) in view of Sofer et al. (US 5,489,896). The applicant respectfully traverses 
this rejection for the following reason(s). 

We will assume the rejection is for claims 1 and 22-28, since claims 2-21 have been 
canceled, and the Examiner meant "obvious" instead of "anticipated". 



Holloway's invention relates to systems and methods for detecting and preventing intrusion 
into a campus local area network by an unauthorized user. A managed hub discovers each 
interconnect device in the network that supports the security feature and maintains an interconnect 
device list of such devices, which may include token ring switches, Ethernet switches, bridges and 
routers. The managed hub determines the interconnect devices in the campus network that are 
capable of supporting a local area network (LAN) security feature. The managed hub then uses the 
responses to build and maintain a table of interconnect devices in the network that support the 
security feature. Here, during a discovery phase, the managed hub periodically sends a discovery 
frame to a LAN security feature group address. The managed hub detects an intrusion by an 
unauthorized address on one of its ports by comparing the MAC addresses on each port against a list 
of authorized MAC addresses, disables the port and notifies the other interconnect devices in the 
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network of the intrusion by transmitting a security breach detected frame to the LAN security feature 
group address. The interconnect devices set a filter on their respective ports against the intruding 
unauthorized address. 

Sofer' s invention relates to a security unit for a network having a data bus to which a plurality 
of stations (interconnect devices ) can be connected wherein the security unit monitors traffic on the 
data bus and only enables authorized data to flow along the data bus. The data bus and the security 
unit are part of a hub. The traffic includes a multiplicity of data packets each having source and 
destination addresses and the security unit includes a plurality of correlators for determining that the 
source and destination addresses indicate an authorized communication. Additionally, each station 
is connected to the data bus via a port having a port address and one of the correlators correlates the 
source address with an authorized port address. 

Note that Sofer' s port address is not the same nor equivalent to a destination address, as Sofer 
clearly differentiates the two addresses. A destination address is the final destination for the 
message, where the port address is for a particular port connected to the final destination. 

Sofer differs from Holloway in that Sofer teaches the destination station address be in a list 
of authorized destination station addresses for the source station address, because Sofer is concerned 
with permitting two stations being authorized to communicate with each other. Holloway is only 
concerned with intrusion by an unauthorized source station outside the network breaking into the 
network via one of the ports. There is no concern with whether a source station is authorized to 
connect to a destination station. 

If one of ordinary skill in the art were motivated to modify the security of a network utilizing 
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Holloway's system in the manner taught by Sofer, then the skilled artisan would modify the system 
as taught by Sofer. 

Claim 1 

Claim 1 calls for, in part, detecting, in the address table, access vectors corresponding to the 
MAC destination and source addresses. 

The combination of applied art fails to teach the foregoing feature. 

As shown in Fig. 3, Sofer discloses an authorization unit 44 that comprises three correlators 
50, 52 and 54, a mode switch 56 and a decision unit 58. Correlator 50 determines whether or not the 
source station address is among authorized source stations. Correlator 52 determines whether or not 
the source station address is attached to its corresponding port, where the port address is provided 
from a hub 20. Correlator 54 determines whether or not the source station is allowed to communicate 
with the destination station. Each of correlators 50-54 comprise a list of authorized relationships. 
Thus, correlator 50 has a list of authorized stations, correlator 52 has a list of source addresses and 
their corresponding port addresses and correlator 54 has a list of source addresses and their allowed 
destination addresses. 

As mentioned above, claim 1 calls for detecting, in an address table, access vectors 
corresponding to the MAC destination and source addresses. 

None of Sofer' s correlators utilize access vectors, but instead use specific addresses, and 
similarly Holloway discloses the use of an authorized address list (AAL) controls which MAC 
addresses are allowed to connect to specified ports . Each entry in the AAL consists of two fields: port 
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number and authorized address. The port number identifies a specific port on the hub; the authorized 
address field specifies the address or addresses that are allowed to connect to the port. The AAL 
(Authorized Address List) defines which MAC source addresses, i.e., authorized source address, are 
allowed to connect to specific ports on the hub. 

Accordingly, neither of the applied references would have taught one of ordinary skill in the 
art to utilize access vectors, which are not equivalent to access addresses, instead of MAC addresses. 

The present invention has an advantage over the applied art, because of its use of access 
vectors. An access vector has been defined by the specification to consist of a bit vector. The bit 
value "0" means restriction to access and "1" means allowance for access. For example, if a server 
node S 1 has an access vector 000 1 0000 and a client node C 1 has access vector 1 000000 1 , then client 
node (source station) CI cannot access server node (destination station) SI, but another client node 
C2 having access vector 00010001 can access server node SI. 

For further understanding, access vector 00010000 of a server node SI means that Si's 
HostID is 3, and its access vector is Ox80»3. If CI is going to be an access client node, the access 
vector of CI should be (0x80»3). If the access vector of CI is 10010001, then this access vector 
1 00 1 000 1 means C 1 can access server nodes that have HostID 0, 3 or 7. Thus a client node having 
an access vector xxxlxxxx (x can be a 0 or 1) can access a server node having a HostID of 3, and 
a client node having an access vector xxxOxxxx (x can be a 0 or 1) is restricted from accessing a 
server node having a HostID of 3. 

Accordingly, it is possible to use the same (e.g., 8-bit) access vectors for more than one (32- 
bit) source address and (32-bit) destination address, thereby saving memory space for storing the 
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correlating 8-bit access vectors instead of correlating each 32-bit source address and destination 
address. 

In paragraph 3, pages 2-3 of Paper No. 20060610, the Examiner responds to the forgoing 
arguments only so much as to indicate that Examiner has given "the claims and the term, * access 
vectors/ the broadest reasonable interpretation in light of the specification." 

Here the Examiner refers to the specification's indication that are bit vectors that are 
compared and refers to claim 1 which states that the access vectors correspond to the MAC 
destination and source addresses. 

Of course the access vectors must correspond to the MAC destination and source addresses, 
however, this does not mean that the access vectors are analogous nor equivalent to the MAC 
destination and source addresses. The access vectors are defined in the specification and, as defined, 
cannot be used as MAC destination and source addresses for transmitting and receiving data packets 
over a network. 

Additionally, since the access vectors are defined by the specification, it is an error for the 
Examiner to give them a different definition. During examination, the claims must be interpreted 
as broadly as their terms reasonably allow. This means that the words of the claim must be given 
their plain meaning unless applicant has provided a clear definition in the specification. See MPEP 
§21 1 1.01; and Toro Co. v. White Consol Indus., Inc., 199 F.3d 1295, 1299, 53 USPQ2d 1065, 1067 
(Fed. Cir. 1 999)("[W]ords in patent claims are given their ordinary meaning in the usage of the field 
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of the invention, unless the text of the patent makes clear that a word was used with a special 
meaning."). 

Further, the Applicant has asserted that the use of access vectors instead of MAC destination 
and source addresses for comparison is advantageous over the art. The Examiner has not addressed 
the asserted advantage. See MPEP §707.07(f). 

Therefore, since the present invention utilizes access vectors instead of the MAC addresses 
of the prior art, and the applied art fails to teach or move one of ordinary skill in the art to use 
anything other than MAC addresses for preventing or allowing access, the rejection of claim 1 is 
deemed to be in error and should be withdrawn. 

Claims 22-28 are deemed to be patentable over the art of record for the same reasons as claim 

1. 
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The Examiner is respectfully requested to reconsider the application, withdraw the objections 
and/or rejections and pass the application to issue in view of the above amendments and/or remarks. 

Should a Petition for extension of time be required with the filing of this Amendment, the 
Commissioner is kindly requested to treat this paragraph as such a request and is authorized to charge 
Deposit Account No. 02-4943 of Applicant's undersigned attorney in the amount of the incurred fee 
if, and only if, a petition for extension of time be required and a check of the requisite amount is 
not enclosed. 



1522 K Street, N.W. 
Washington, D.C. 20005 
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Respectfully submitted, 




Attorney for Applicant 
Reg. No.: 27,774 
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